NETLAB+ support materials for CCNA Security have been revised to provide compatibility with the release of CCNA Security version 1.1. A new topology, MAP with ASA, has been created to provide added functionality.
Several labs have been added to the lab list below:
CCNA Security labs require different console and enable secret password settings from other courses. Please review the information on enabling CCNA Security labs.
| Lab | Description | Pod Required | Comments |
|---|---|---|---|
| Ch. 0 A | Configuring Devices for Use with Cisco Configuration Professional (CCP) 2.5 | MAP w/ASA or MAP or CRP or BRPv2 | |
| Ch. 1 A | Researching Network Attacks and Security Audit | No equipment is required. | |
| Ch. 2 A | Securing the Router for Administrative Access | MAP w/ASA or MAP or CRP or BRPv2 | |
| Ch. 3 A | Securing Administrative Access Using AAA and RADIUS | MAP w/ASA or MAP or CRP or BRPv2 | |
| Ch. 4 A | Configuring CBAC and Zone-Based Firewalls | MAP w/ASA or MAP or CRP or BRPv2 | |
| Ch. 5 A | Configuring an Intrusion Prevention System (IPS) Using the CLI and CCP | MAP w/ASA or MAP or CRP or BRPv2 | |
| Ch. 6 A | Securing Layer 2 Switches | MAP w/ASA or MAP or LSP | For part 4 (Configure SPAN and Monitor Traffic) please use task 2, option 2. |
| Ch. 7 A | Exploring Encryption Methods | MAP w/ASA or MAP or LSP | |
| Ch. 8 A | Configuring a Site-to-Site VPN Using IOS and CCP | MAP w/ASA or MAP or CRP or BRPv2 | |
| Ch. 8 B | Configuring a Remote Access VPN Server and Client | MAP w/ASA or MAP or CRP or BRPv2 | |
| Ch. 9 A | Security Policy Development and Implementation | MAP w/ASA or MAP | |
| Ch. 9 A Part 1 | Security Policy Development and Implementation Part 1 | CRP or BRPv2 | Security with routers. |
| Ch. 9 A Part 2 | Security Policy Development and Implementation Part 2 | LSP | Security with switches. |
| Ch. 10 A | Configuring ASA Basic Settings and Firewall Using CLI | MAP w/ASA1 | |
| Ch. 10 B | Configuring ASA Basic Settings and Firewall Using ASDM | MAP w/ASA1 | |
| Ch. 10 C | Configuring Clientless and AnyConnect Remote Access SSL VPNs Using ASDM | MAP w/ASA1 | |
| Ch. 10 D | Configuring a Site-to-Site IPsec VPN Using CCP and ASDM | MAP w/ASA1 | |
| Ch. 10 E | Configuring ASA Basic Settings and Firewall Using CLI | MAP w/ASA2 | |
| Ch. 10 F | Configuring ASA Basic Settings and Firewall Using ASDM | MAP w/ASA2 | |
| Ch. 10 G | Configuring Clientless and AnyConnect Remote Access SSL VPNs Using ASDM | MAP w/ASA2 | |
| Ch. 10 H | Configuring a Site-to-Site IPsec VPN Using CCP and ASDM | MAP w/ASA2 | |
| SBA | Skills Based Assessment | MAP w/ASA1 |
NDG has worked closely with the Cisco CCNA Security lab team to develop these labs and to ensure compatibility with NETLAB+ topologies. This table indicates the NETLAB+ topologies that may be used for each lab.
| CCNA Security Lab | Multi-Purpose Academy Pod with ASA | Multi-Purpose Academy Pod | Basic Router Pod | Cuatro Router Pod | LAN Switching Pod |
|---|---|---|---|---|---|
| MAP w/ASA | MAP | BRPv2 | CRP | LSP | |
| Ch. 0 Lab A | Yes | Yes | Yes | Yes | |
| Ch. 1 Lab A | Yes | Yes | Yes | Yes | |
| Ch. 2 Lab A | Yes | Yes | Yes | Yes | |
| Ch. 3 Lab A | Yes | Yes | Yes | Yes | |
| Ch. 4 Lab A | Yes | Yes | Yes | Yes | |
| Ch. 5 Lab A | Yes | Yes | Yes | Yes | |
| Ch. 6 Lab A | Yes | Yes | Yes | ||
| Ch. 7 Lab A | Yes | Yes | Yes | ||
| Ch. 8 Lab A | Yes | Yes | Yes | Yes | |
| Ch. 8 Lab B | Yes | Yes | Yes | Yes | |
| Ch. 9 Lab A | Yes | Yes | Part 1 | Part 1 | Part 2 |
| Ch. 10 Lab A | Yes1 | ||||
| Ch. 10 Lab B | Yes1 | ||||
| Ch. 10 Lab C | Yes1 | ||||
| Ch. 10 Lab D | Yes1 | ||||
| Ch. 10 Lab E | Yes2 | ||||
| Ch. 10 Lab F | Yes2 | ||||
| Ch. 10 Lab G | Yes2 | ||||
| Ch. 10 Lab H | Yes2 | ||||
| SBA | Yes1 |
1Supported using ASA 5505
2Supported using ASA 5510
The routers used must meet minimum IOS requirements specified by the curriculum. The following recommendations are based on the CCNA Security Equipment List (available on Academy Connection). Other routers and switches models may be used. Please consult Academy Connection NetAcad Maintenance - Image & Hardware Support Assistance with Legacy Equipment and Software.
| Router / Switch |
Recommended Model(s) |
Minimum DRAM |
Minimum IOS |
Feature Set |
|---|---|---|---|---|
| R1 | Cisco 1841 Cisco 1941 |
192 MB | 12.4(20)T1 | Advanced IP Services |
| R21 | Cisco 1841 Cisco 1941 |
128 MB | 12.4(20)T1 | IP Base |
| R31 | Cisco 1841 Cisco 1941 |
192 MB | 12.4(20)T1 | Advanced IP Services |
| S1 | Cisco 2960 | LAN Base Image | ||
| S2 | Cisco 2960 | LAN Base Image | ||
| S3 | Cisco 2960 | LAN Base Image |
1Routers R2 and R3 do not apply to Lan Switching Pods (LSP)
CCNA Security labs require different console and enable secret password settings from other courses. If CCNA Security and other courses are enabled in the same class, it is likely that the NETLAB+ automation will fail to save configuration files, since the default passwords, cisco and class are not the correct passwords for CCNA Security.
To avoid configuration management problems, we recommend that the CCNA Security course be enabled in a separate class from other courses. Enabling this course within a separate class will allow you to set the appropriate console and enable secret passwords in the class settings required for CCNA Security.
Create a new class to be used for the CCNA Security Course using the following settings:
The pod types listed are also available for "pod-only" reservations. To enable pod-only reservations, select the check boxes for the following options in the class settings that are appropriate for the pods available on your system:
"Pod-only" reservations are not tied to specific lab exercises. Therefore, the pod will be configured using the default network configuration and will not be properly configured to complete CCNA Security labs.
More information is available in the Enable Multi-Purpose Academy Pod Exercises section of the Multi-purpose Academy Pod Planning and Installation Guide
Always select the correct lab exercise for the lab being performed. Students or teams should schedule the correct lab exercise from the catalog. NETLAB+ will only show those labs for which the required pod type is available. A lab that works on different pod types may appear more than once if your system is so equipped. Instructors should select the correct lab from the Exercise tab during instructor-led lab reservations. This can be done as many times as needed during the reservation.
Importance of Choosing the Correct Lab Exercise
Several of the labs may differ from the standard pod topologies. This is handled by NETLAB+ Dynamic VLAN Mapping technology. Always select the correct lab exercise for the actual lab. This insures that NETLAB+ will set up VLANs on the control switch such that lab devices and PCs are placed in the correct LAN segment for the exercise being performed. Selecting the correct exercise will also make the completed lab output easier to find in the archive.
NETLAB+ will configure the routers and switches with initial configuration files that include basic IP connectivity. Please verify this configuration by pinging the network interfaces before starting the lab exercise.
The ASA is required in order to complete 8 of the labs (Ch. 10, labs A,B,C,D,E,F and G) as noted in the pod compatibility table above. These 8 labs are the only CCNA Security labs that require the ASA. You will use either Labs A-D or Labs E-H, depending on the ASA model you install on your MAP w/ASA.
Four of the labs requiring the ASA, Ch.10 labs A, B, C and D are supported using the ASA 5505.
The other four labs requiring the ASA, Ch.10 labs E, F, G and H are supported using the ASA 5510.
Please refer to the Multi-purpose Academy Pod with ASA page for details on implementation.
| Device | Recommended Model(s) |
Minimum DRAM |
Minimum Flash |
Recommended IOS Feature Set |
|---|---|---|---|---|
| ASA | Cisco 5505 Adaptive Security Appliance (ASA) |
512 MB | 128 MB | Cisco (ASA) Software Version 8.4(2) Base License Cisco ASDM Version 6.4(5) |
| ASA | Cisco 5510 Adaptive Security Appliance (ASA) |
1 GB | 256 MB | Cisco (ASA) Software Version 8.4(2) Base License Cisco ASDM Version 6.4(5) |
| Software Name | Purpose | Requirements | Comments / Links |
|---|---|---|---|
| Cisco Configuration Professional (CCP) | CCP is installed in the PCs. |
Supported Microsoft Windows O/S:
|
When using CCP:
|
| Kiwi Syslog | This software will be used as the syslog server. |
Supported O/S:
|
www.kiwisyslog.com |
| Wireshark | This software will be used as the sniffer and packet analyzer. | Windows/Linux | www.wireshark.org |
| WinRadius | WinRadius is a standard RADIUS server for network authentication and accounting. | Windows/Linux | http://winradius.eu |
| NMAP | This software is used to test the lab configuration. | Windows/Linux | www.insecure.org |
| Cisco VPN Client | This software is used to build a VPN. | www.cisco.com | |
| Tera Term Pro V2.3 | Software terminal emulator for Windows. | www.ayera.com/teraterm/ | |
| TFTP32 | DHCP, TFTP, SMTP, Syslog servers, and TFTP client. | tftpd32.jounin.net.com | |
| IOS-Sxxx-CLI.pkg | This file is used with the Chapter 5 lab. | To obtain instructions on the file version and how to download, please read the Chapter 5 Lab. | |
| realm-cisco.pub.key.txt | This file is used with the Chapter 5 lab. | To obtain instructions on the file version and how to download, please read the Chapter 5 Lab. | |
| PuTTY SSH Client | Used as an SSH Client | Windows/Linux | www.chiark.greenend.org.uk/~sgtatham/putty/ |
